1 © Puryear IT, LLC. 2010 All Rights Reserved.
Taking Control of Your User Accounts: Identity Management Basics
Dustin Puryear, Puryear IT, LLC

2 Who Are We?
Puryear IT, LLC
http://www.puryear-it.com/
Automating audit and compliance with solutions for user and privilege management and reporting.
Contact us for a free consultation: contact-us@puryear-it.com

3 What is Identity Management?
- Is it about users? Is it about passwords? Authentication?
- Three perspectives:
  – Pure Identity Paradigm
  – User Access Paradigm
  – Service Paradigm

4 Pure Identity Paradigm
- Focus on Identity only
  – Creation of Identities
  – Management of Identities
  – Deletion of Identities
- Notice that Access/Entitlements are not defined
(Diagram: Create Identity → Update Identity → Delete Identity)

5 User Access Paradigm
- Focus on use of the digital identity
- The digital identity is typically unique
- The unique identity simplifies monitoring and verification
(Diagram: User Identity → Authentication (authn) → Authorization (authz) → Logging, Audit, Reporting)

6 Service Paradigm
- Focus on resources used to deploy services
- Examples include servers, applications, network devices, VPN
- Broader, more comprehensive view
- This is often the view of the audit/compliance team
(Diagram: Employee → User Accounts → Applications)

7 Issues Addressed by Identity Management

8 Management of Identities
- Identities: Create, Modify, Delete
- Workflow
- Delegation
- Self-Service Password Reset (SSPR)
- Password Synchronization
“Breaches of identity and access management (IAM) lead to billions of dollars of losses each year, both reported and unreported.” - Gartner

9 Directory Services
- Directories are a critical infrastructure component
  – Identity repositories
  – Metadata replication/synchronization services
  – Directory virtualization

10 Access Control
- Role-based Access Control
- Policy-based Access Control
- Enterprise Single Sign On (ESSO)
- Web Single Sign On (WebSSO)
- Reduced Sign On
- Federation
(Diagram: Authentication, Authorization, Protected Data)

11 Separation of Duties
- Critical for internal controls
- Implements checks and balances on individuals
- Reduces danger/risk of individual actions
- Can be difficult and expensive to implement
- Separate or Compensate
- Bread and butter of audit/compliance

12 Example: SOX, SoD, and IT
- SOX places a large burden on IT
- IT relies on RBAC for SoD and compliance
- SoD items include:
  – Identification of a requirement (business)
  – Authorization and approval (governance)
  – Design and development (developer)
  – Review, inspection, and approval (separate developer)
  – Implementation (systems administrators/operations)
- Successful SoD implementation includes:
  – Align authorization rights with organizational role
  – Align authentication method with value of data
  – Watch the watchers

13 Developing an Identity Management Roadmap
- Several steps involved:
  – Needs Analysis
  – Management Involvement
  – Team Involvement
  – Selecting Best Solution
  – Technical Design Decisions
  – Roll Out
  – Monitor/ROI

14 Needs Analysis
- Map existing processes into a set of business problems
- Map business problems into requirements
- Map requirements into technical specification
- Map technical specification into:
  – Technical selection
  – Implementation design

15 Issue: New Hires
- Business Problem
  – New hires require new accounts
  – Accounts must get proper access rights
  – How do we maintain SoD?
  – New hires must wait for process to complete!
- Business Solution
  – Automate on-boarding that relies on business rules and workflow/approvals
- Technical Solution
  – Define HR system as System of Record (SoR)
  – Creation of “minimum privileged” accounts based on HR data
  – Use of workflow to increase privileges

16 Issue: Costly User Administration
- Business Problem
  – Each application is a silo
  – Helpdesk can’t easily change passwords
  – Lacks consistent audit trail
  – Inconsistent end-user information in databases
  – Security administrators perform user management activities
- Business Solution
  – Develop consistent user management process for administrators and helpdesk
  – Use SoR to define/update user information
- Technical Solution
  – Develop single interface to user management
  – Develop single interface for password management/changes
  – Develop automation of updates for “most critical” data
  – Identify SoD violations and eliminate them

17 Issue: Inconsistent Login IDs and Passwords
- Business Problem
  – Users have different Login IDs for applications
  – Users have too many passwords
  – Lack of consistency in password policy across the enterprise
- Business Solution
  – Develop enterprise Login ID convention
  – Migrate existing Login IDs to new convention
  – Develop enterprise password policy
  – Migrate existing passwords to new policy
- Technical Solution
  – Reconcile Login IDs to new convention using batch and manual methods
  – Implement consistent password policy
  – Implement password synchronization, reduced sign-on, single sign-on

18 Issue: Security Vulnerabilities
- Business Problem
  – Delayed terminations result in critical vulnerabilities
  – Disgruntled terminated staff
  – Unused/dormant accounts
  – Access rights increase over time
  – Access rights incorrectly granted: “Set the new guy up just like Susan in HR”
- Business Solution
  – Develop process/workflow to handle terminations
  – Periodically review/audit user access rights
  – Develop request and authorization process for increasing user access rights
- Technical Solution
  – Automate user account terminations via SoR
  – Develop automated reports for user access rights, focusing on exception reporting for elevated rights
  – Implement workflow solution for user access rights

19 Issue: Audit, Reporting
- Business Problem
  – Lack of audit trails within application silos
  – Many enterprise applications lack administrative logging
  – For those that have it, those applications don’t have a consistent log format
  – Difficult to monitor and enforce SoD policies
- Business Solution
  – Require enterprise-wide logging of account changes and use
  – Develop process to use account change and use logging for SoD reporting
- Technical Solution
  – Replace manual account management with software solutions that include logging capabilities
  – Enable SoD rules within user management solution to require workflow for SoD-sensitive positions
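Slides 15, 18 and 19 describe driving account creation and termination from the HR System of Record, reporting dormant accounts and elevated rights as exceptions, and checking SoD rules. As an added example (not from the original presentation), the reconciliation below implements those checks in Python over constructed sample HR and account data; the roles, groups, SoD pairs and the 90-day dormancy threshold are hypothetical.

```python
from datetime import date

# Constructed sample data: HR records (the SoR) and accounts found on a target system.
HR = {
    "E100": {"login": "asmith", "status": "active", "role": "developer"},
    "E101": {"login": "bjones", "status": "terminated", "role": "developer"},
    "E102": {"login": "cwu", "status": "active", "role": "sysadmin"},
    "E103": {"login": "dlee", "status": "active", "role": "auditor"},  # joiner, no account yet
}
ACCOUNTS = {
    "asmith": {"groups": {"dev"}, "last_login": date(2010, 5, 1)},
    "bjones": {"groups": {"dev", "prod-deploy"}, "last_login": date(2010, 4, 20)},
    "cwu": {"groups": {"ops", "domain-admins"}, "last_login": date(2010, 5, 2)},
    "susan": {"groups": {"hr", "finance-approve"}, "last_login": date(2009, 9, 1)},  # no SoR record
}
# Hypothetical "minimum privileged" groups per HR role; anything beyond these is an exception.
ROLE_GROUPS = {"developer": {"dev"}, "sysadmin": {"ops"}, "auditor": {"audit-ro"}}
# Hypothetical SoD rules: one identity may not hold both sides, e.g. write code and deploy it.
SOD_PAIRS = [({"dev"}, {"prod-deploy"}), ({"hr"}, {"finance-approve"})]
DORMANT_DAYS = 90
TODAY = date(2010, 5, 3)  # fixed "today" so the sample is reproducible

def reconcile(hr, accounts, today):
    """Compare the SoR against target accounts; return provisioning actions and audit findings."""
    out = {"create": [], "disable": [], "orphan": [], "dormant": [], "elevated": [], "sod": []}
    by_login = {rec["login"]: rec for rec in hr.values()}
    for rec in hr.values():
        if rec["status"] == "active" and rec["login"] not in accounts:
            # Joiner: create with the role's minimum groups only; more rights need workflow approval.
            out["create"].append((rec["login"], sorted(ROLE_GROUPS[rec["role"]])))
        elif rec["status"] != "active" and rec["login"] in accounts:
            out["disable"].append(rec["login"])  # Leaver: the SoR, not a ticket, drives termination
    for login, acct in accounts.items():
        rec = by_login.get(login)
        if rec is None:
            out["orphan"].append(login)  # account with no owner in the SoR
        if (today - acct["last_login"]).days > DORMANT_DAYS:
            out["dormant"].append(login)
        allowed = ROLE_GROUPS.get(rec["role"], set()) if rec else set()
        extra = acct["groups"] - allowed
        if extra:  # exception report: rights beyond the role baseline ("set up like Susan")
            out["elevated"].append((login, sorted(extra)))
        for a, b in SOD_PAIRS:
            if a <= acct["groups"] and b <= acct["groups"]:
                out["sod"].append((login, sorted(a | b)))
    return out

def run_sample():
    return reconcile(HR, ACCOUNTS, TODAY)
```

Running `run_sample()` yields one create (dlee), one disable (bjones), and flags susan as orphaned and dormant, with elevated-rights and SoD findings for bjones, cwu and susan.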

20 Management Involvement
- A mandate is crucial!
  – Develop a clear mandate
  – Outline likely issues/problems
- Budget
  – Software license
  – Support
  – Training
  – Hardware and support software
  – Professional Services
  – Internal Resources

21 Team Involvement
- Security Administrators
- Security Managers
- Audit/Compliance
- Systems Administrators
- Human Resources

22 Selecting Best Solution

23 Identify Feature Requirements
- Technical Features
  – Core Capabilities
  – Local Integration
  – Ease of Deployment
  – Product Flexibility
  – Product Security
  – Product Scalability

24 Core Capabilities
- Product Capabilities
  – Automation: Auto-Discovery of Resources, SoD, Login ID Reconciliation, Workflow
  – Admin Usage: Consolidated View, Delegation
  – Passwords: Policies, Synchronization
  – Logging

25 Local Integration
- Localization is key to end-user acceptance!
  – Local language support
  – Logo
  – Corporate look & feel
  – Customization of request forms
- Integration into helpdesk
- Ability to send emails
- Accessible for performance & availability monitoring
- Support for local network and application, e.g., AD, RSA

26 Ease of Deployment
- Deployment Characteristics
  – Auto-Discovery of Resources
  – Login ID Reconciliation
  – Non-local Agents
  – Support Existing Databases
  – Support Existing Directories
  – Web-based Access
Deployment is the stumbling block for many organizations. Be sure to map your needs to the technical capabilities of the product!

27 Product Security
- Encryption
  – Local data
  – Remote access
- Authentication
  – Admin users
  – End-users/SSPR
  – Web Services
- Accountability
  – Logging
  – Reporting

28 Product Scalability
- Can it handle your current organization?
- Can your organization handle it?
- Can it handle your organization in the future?
- Calculating scalability requirements
  – Servers
  – Service layer
  – Network
  – Target systems

29 Product Flexibility
- Organization-specific data elements
  – HR#
  – Student#
  – Job code
  – Facility
- Handle a wide range of applications
  – Network OS (NOS): AD, Novell, Linux/UNIX
  – Applications: Exchange, GroupWise, Mainframe apps
- Handle custom applications
  – Many enterprises have more custom applications than COTS applications
Octopus = Flexible. Get it?

30 Customization for Custom Applications
- Pre-built agents for common applications
- SDK for new custom agents
  – C++ and Java are most common
  – Java: Oracle, Sun, CA
  – C#: Microsoft
- Developer documentation
- SDK should be free or low-cost
- ODBC Wizard!

31 Password Management
- Deserves its own slide!
- Must support your password policies
  – Password complexity
  – Password expiration
- Think about password synchronization
- WebSSO, SSO, reduced sign-on!

32 Roll Out/Deployment
- Design and pilot stages are critical
  – Pilot stage will identify internal technical weaknesses
  – Failure to do a pilot can kill the project
- Pilot stage can help determine
  – Features to enable
  – User population that will access IdM solution
  – Security policies
    – Password policies
    – Authentication
    – Account configuration policies
  – Types of roles needed
- Develop SoR and IdM integration
- Develop request and workflow rules
- Helpdesk integration
  – Email only
  – Application-level integration

33 Request & Workflow Rules
- This is where the power really is!
  – What can be requested
  – What data must be included in request
  – Request validation
  – Request authorization
  – Request escalation

34 Training
- Update users about changes
  – Angry users translate to non-conforming users
- Train HR staff on SoR updates
  – The SoR is critical to accuracy
  – Bad data in the SoR may trigger inappropriate workflow rules
- Train Security Administrators
  – Local app management should be a no-no
  – Only available in “break-the-glass” situation
- Train Security Officers and Auditors
  – Develop consistent reporting procedures
  – Automate reports

35 Monitor and ROI
- Track helpdesk time before and after deployment
  – Without hard numbers, how do you justify?
- Track audit time before and after deployment
  – Typically a fast return
  – Easy win!
- Integrate into app deployment process
  – They will leave you behind
  – Create a standing meeting every six months or more
- Don’t become a new silo!

36 Q&A
Questions!
Puryear IT, LLC
http://www.puryear-it.com/
Automating audit and compliance with solutions for user and privilege management and reporting.
* Portions of this presentation were taken from Wikipedia, Sun, Oracle, Microsoft, Novell, Hitachi ID, and other resources.
